Capability helps device manufacturers find vulnerabilities in packages from their suppliers
COLUMBUS, Ohio — Jan. 4, 2022 — Vulnerabilities in the software supply chain are costing device manufacturers business. Threats like Treck TCP/IP and ThroughTek Kalay P2P SDK continue to emerge, and according to a recent Ponemon Institute report, nearly 60% of organizations have lost revenue due to product security concerns. Finite State, the product security leader for connected devices, has unveiled a way to reduce the business risk of those vulnerabilities through advanced binary analysis.
Device manufacturers use board support packages (BSPs) and software development kits (SDKs) from third-party vendors and developers, often without knowing what is inside them. Because these packages are essentially black boxes, any insecure configuration files make it easier for threat actors to carry out privilege escalation attacks, brute force attacks, and other potentially disastrous breaches.
Finite State’s advanced binary analysis enhances automated zero-day vulnerability detection to eliminate blind spots in developer libraries. This capability goes beyond the source code-based software as a service (SaaS) offerings to catch the vulnerabilities those tools miss.
“Manufacturers are inherently trusting the developers of SDKs and BSPs, but recent vulnerabilities like Log4j, ThroughTek, Realtek, and DNSpooq prove they shouldn’t be so trusting,” said Jeff Martin, VP of Product at Finite State. “Our advanced binary analysis finally gives manufacturers visibility into these packages that are being added to their firmware unchecked.”
In addition to making it possible for security teams to see into these black boxes, Finite State’s advanced binary analysis saves them the time and effort of extensive manual testing. This essential feature ensures that products are more secure before they are shipped and allows organizations to quickly assess their third-party components for zero-day vulnerabilities and Common Vulnerabilities and Exposures (CVEs) to protect customer relationships, brand reputation, and potential loss of revenue.
Learn more about the advanced binary analysis works within the Finite State platform by visiting booth 6774 at CES 2022.
About Finite State
Finite State empowers organizations to gain control of product security for their connected devices and supply chains. Backed by a team of seasoned experts, our automated product security platform arms our customers with the actionable insights, critical vulnerability data, and remediation guidance necessary to mitigate product risk and protect the connected attack surface. For more information, visit www.finitestate.io.
Gregory FCA on behalf of Finite State